Michael S. Tsirkin
2023-Jul-23 10:02 UTC
[PATCH v1] vdpa: Complement vdpa_nl_policy for nlattr length check
On Sun, Jul 23, 2023 at 05:48:46PM +0800, Lin Ma wrote:> > > Sure, that is another undergoing task I'm working on. If the nlattr is parsed with > > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore (which is the default > > for modern nla_parse). > > For the general netlink interface, the deciding flag should be genl_ops.validate defined in > each ops. The default validate flag is strict, while the developer can overwrite the flag > with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to say, safer code should > enforce NL_VALIDATE_STRICT by not overwriting the validate flag. > > Regrads > LinOh I see. It started here: commit 33b347503f014ebf76257327cbc7001c6b721956 Author: Parav Pandit <parav at nvidia.com> Date: Tue Jan 5 12:32:00 2021 +0200 vdpa: Define vdpa mgmt device, ops and a netlink interface which did: + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, which was most likely just a copy paste from somewhere, right Parav? and then everyone kept copying this around. Parav, Eli can we drop these? There's a tiny chance of breaking something but I feel there aren't that many users outside mlx5 yet, so if you guys can test on mlx5 and confirm no breakage, I think we are good. -- MST
Jason Wang
2023-Jul-24 07:11 UTC
[PATCH v1] vdpa: Complement vdpa_nl_policy for nlattr length check
On Sun, Jul 23, 2023 at 6:02?PM Michael S. Tsirkin <mst at redhat.com> wrote:> > On Sun, Jul 23, 2023 at 05:48:46PM +0800, Lin Ma wrote: > > > > > Sure, that is another undergoing task I'm working on. If the nlattr is parsed with > > > NL_VALIDATE_UNSPEC, any forgotten nlattr will be rejected, therefore (which is the default > > > for modern nla_parse). > > > > For the general netlink interface, the deciding flag should be genl_ops.validate defined in > > each ops. The default validate flag is strict, while the developer can overwrite the flag > > with GENL_DONT_VALIDATE_STRICT to ease the validation. That is to say, safer code should > > enforce NL_VALIDATE_STRICT by not overwriting the validate flag. > > > > Regrads > > Lin > > > Oh I see. > > It started here: > > commit 33b347503f014ebf76257327cbc7001c6b721956 > Author: Parav Pandit <parav at nvidia.com> > Date: Tue Jan 5 12:32:00 2021 +0200 > > vdpa: Define vdpa mgmt device, ops and a netlink interface > > which did: > > + .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, > > > which was most likely just a copy paste from somewhere, right Parav? > > and then everyone kept copying this around. > > Parav, Eli can we drop these? There's a tiny chance of breaking something > but I feel there aren't that many users outside mlx5 yet, so if you > guys can test on mlx5 and confirm no breakage, I think we are good.Adding Dragos. Thanks> > -- > MST >